this doesn't exist on my system, and we don't run firewall stuff, so maybe it's not compiled in.
On Oct 17, 2012, at 6:10 PM, da...@lang.hm wrote:

> On Wed, 17 Oct 2012, Andrew Hume wrote:
>
>> screwed by linux again. sigh.
>>
>> so apparently i am overloading my pathetic linux system with too much tcp/ip
>> traffic.
>> is there any way to detect this while (or before or after) it is happening?
>> of course no error messages are emitted.
>> but might there be some other thing buried away somewhere, like /proc?
>
> It depends on what caused the problem.
>
> I would guess that the cause of the problem is probably due to overloading
> the conntrack capabilities of your system (needed for stateful firewalling, a
> bottleneck otherwise)
>
> there are lots of stats available in:
>
> /proc/sys/net/ipv4/netfilter
>
> If this is the case, you may have some entries in your logs and dmesg that
> look like:
>
> nf_conntrack: table full, dropping packet.
>
> adding something like:
>
> net.ipv4.netfilter.ip_conntrack_max = 256000
>
> will probably bump up the limit (at the cost of eating more memory)
>
> If you have a system that is not needing the stateful firewalling, compiling
> a kernel without conntrack will save you some memory and a potentially
> significant amount of CPU
>
> Normally I would only expect problems on either a very low-end box (a home
> wifi router for example) or a box that is under a huge load of short-lived
> connections.
>
> David Lang
> _______________________________________________
> Tech mailing list
> Tech@lists.lopsa.org
> https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
> This list provided by the League of Professional System Administrators
> http://lopsa.org/

-----------------------
Andrew Hume
623-551-2845 (VO and best)
973-236-2014 (NJ)
and...@research.att.com
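Added example, not part of either message: a Python sketch of the check discussed in the thread, reading the conntrack counters and scanning kernel log lines for the table-full message, including the case where the directory is missing. The `_count` file names, the second directory `/proc/sys/net/netfilter`, the `ip_conntrack:` log prefix and the 0.8 warning ratio are assumptions not stated in the thread; the log lines are constructed.

```python
import re
from pathlib import Path

# Directory named in the thread first; the second path and the *_count
# file names are assumptions (not in the thread) for nf_conntrack kernels.
CANDIDATES = [
    ("/proc/sys/net/ipv4/netfilter", "ip_conntrack"),
    ("/proc/sys/net/netfilter", "nf_conntrack"),
]
TABLE_FULL = re.compile(r"\b(?:nf|ip)_conntrack: table full, dropping packet")

# Constructed kernel log lines, for illustration only.
SAMPLE_DMESG = [
    "[ 812.101] nf_conntrack: table full, dropping packet.",
    "[ 812.104] eth0: link up",
]


def read_usage(candidates=CANDIDATES):
    """Return (entries, limit) from the first readable directory, else None."""
    for directory, prefix in candidates:
        try:
            count = int(Path(directory, prefix + "_count").read_text())
            limit = int(Path(directory, prefix + "_max").read_text())
        except (OSError, ValueError):
            continue  # missing files: conntrack not loaded or not compiled in
        return count, limit
    return None


def assess(usage, log_lines, warn_ratio=0.8):
    """Classify conntrack pressure from table usage and kernel log lines."""
    drops = sum(1 for line in log_lines if TABLE_FULL.search(line))
    ratio = None if usage is None else usage[0] / max(usage[1], 1)
    if drops:
        status = "dropping"    # kernel already logged table-full drops
    elif usage is None:
        status = "absent"      # no counters exposed: conntrack not in use
    elif ratio >= warn_ratio:
        status = "near-limit"  # raise the max or shed connections
    else:
        status = "ok"
    return {"status": status, "drops": drops, "ratio": ratio}


if __name__ == "__main__":
    print(assess(read_usage(), SAMPLE_DMESG))
```

An "absent" result with no logged drops points away from conntrack as the cause, which matches a system where the directory does not exist.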